Posted by David Sherman on Sunday, July 13, 2008 at 11:37:01 :
In Reply to: OT Ebay posted by Robert in NJ on Sunday, July 13, 2008 at 07:31:02 :
I had a Russian try to redirect me to one once by sending me an email asking if the item I was selling was the same as the item some other fellow was selling. He included a link to the other guy's item. However, when I clicked on it, it took me to a phishing page that looked exactly like the regular ebay login (didn't even ask for bank accounts, pins, etc)
The key to identifying a phishing page is to look at the full URL. That's the one thing they can't spoof. They can try to make it look similar, but they can't replicate the true domain name. Hence, instead of "https://signin.ebay.com", you might see "https://signin.ebay.com.ru" or "https://signinebay.com". The red flag to me was that firefox didn't attempt to automatically fill in my login info like it does with the real ebay login page. That meant that the URL was different from the one that I'd had firefox save the login info for.